General

  • Target

    9de6c1837d910fc65a6122ce62191c601b8d46f9d159dbfac58bfb5494674053

  • Size

    80KB

  • Sample

    250529-rce2zssvew

  • MD5

    097577cc927e0c426a52cf4fc1604e6f

  • SHA1

    50a2f00722c18473d814349694aec81f05004fa8

  • SHA256

    9de6c1837d910fc65a6122ce62191c601b8d46f9d159dbfac58bfb5494674053

  • SHA512

    9eb31c4842f73c120be1f8e0da69ae58d9232d78c33ae5d11d13ae29b60e91f49295f727cde467bc0bec05fc720b267fa5b04acf57a38389c8eb28e544d2eda0

  • SSDEEP

    1536:uGIINlsPKe9Tdxz2dmn2ja+ZhuB0PUb2l:LehXz2ja+PuiPU8

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (4873) files with added filename extension

      This suggests ransomware activity, namely encrypting all the files on the system.
